IIS server vulnerability (MS15-034)

The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system.

Denial of Service (DoS) exploits are widely available for CVE-2015-1635, a vulnerability in HTTP.sys affecting Internet Information Server (IIS). The patch was released on Tuesday (April 14th) as part of Microsoft’s Patch Tuesday.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1635

KB Number

3042553
https://support.microsoft.com/en-us/kb/3042553

Summary

The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system. The security update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.

Attack Vectors

To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system.

Affected software

Windows 7, Windows 8, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Also note that this exploit works over SSL, meaning it can be used to bypass your IDS or other network protections.

DoS Exploit

Add the IP you desire to exploit where I have 127.0.0.1. Note that the requested resource has to be a static file.

Request Check

If the server responds with “Requested Header Range Not Satisfiable”, then you may be vulnerable. Results may be inconclusive, as Erratasec has stated:

“I suspect the biggest reason is that the “Range” header only is parsed when there is a static file being served. If a script generates the page, then it’ll ignore the range. I also suspect that virtual-hosting gets in the way — that unless the correct DNS name is provided, then it’ll reject the request.

Thus, the testing is inconclusive. While I can find some vulnerable responses, just because a server gives me some other response doesn’t mean it’s not also vulnerable. Thus, I can’t really say anything about the extent of the vulnerability.”
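
A server-side way to spot the request check described above, even when it arrives over SSL, is to count 416 (Range Not Satisfiable) responses per client in the IIS W3C log. This is an added example, not code from the original post: the sample log is constructed, the `min_hits` threshold is an assumption, and it assumes these responses are written to the IIS log.

```python
from collections import defaultdict

# Constructed sample of an IIS W3C extended log (documentation-range addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2015-04-16 09:12:01 192.0.2.10 GET /img/logo.png - 443 - 198.51.100.7 curl/7.40 416 0 0 15
2015-04-16 09:12:02 192.0.2.10 GET /css/site.css - 443 - 198.51.100.7 curl/7.40 416 0 0 12
2015-04-16 09:12:03 192.0.2.10 GET /js/app.js - 443 - 198.51.100.7 curl/7.40 416 0 0 11
2015-04-16 09:13:40 192.0.2.10 GET /download/setup.zip - 80 - 203.0.113.5 Mozilla/5.0 416 0 0 20
2015-04-16 09:14:02 192.0.2.10 GET /default.aspx - 443 - 203.0.113.9 Mozilla/5.0 200 0 0 31
"""


def parse_w3c(text):
    """Yield one dict per log entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            # The field list can change mid-file, so re-read it every time.
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            # Skip truncated or malformed entries instead of misaligning columns.
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def range_probe_leads(text, min_hits=3):
    """Return {client_ip: sorted URIs} for clients with >= min_hits 416 responses."""
    hits = defaultdict(list)
    for entry in parse_w3c(text):
        if entry.get("sc-status") == "416":
            hits[entry.get("c-ip", "-")].append(entry.get("cs-uri-stem", "-"))
    return {
        ip: sorted(set(uris))
        for ip, uris in hits.items()
        if len(uris) >= min_hits
    }


if __name__ == "__main__":
    for ip, uris in range_probe_leads(SAMPLE_LOG).items():
        print(f"{ip}: {len(uris)} distinct URIs answered with 416: {', '.join(uris)}")
```

A 416 can also come from a legitimate client resuming a download, so treat the output as leads to review rather than confirmed probes.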